How severe is CVE-2024-10174?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2024-10174?

This is classified as CWE-639, which is a common weakness in software security.

CVE-2024-10174 - HIGH Severity | CVSS 7.3

Vulnerability Description

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.13 via the 'Abstract_Permission' class due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to spoof their identity to that of an administrator and access all of the plugins REST routes.

Related Vulnerabilities

CVE-2019-7890

HIGH

CVSS:7.3(High)

An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead t...

CWE-6392019

CVE-2021-44160

HIGH

CVSS:7.3(High)

Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote attacker can acquire another general user’s privilege by modifying the cookie parameter without authentica...

CWE-6392021

CVE-2024-45232

HIGH

CVSS:7.3(High)

An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An una...

CWE-6392024

CVE-2019-17050

HIGH

CVSS:7.2(High)

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a softwa...

CWE-6392019

CVE-2021-22023

HIGH

CVSS:7.2(High)

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modif...

CWE-6392021

CVE-2023-2548

HIGH

CVSS:7.2(High)

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to o...

CWE-6392023